- application programming interface
- Generic Security Services Application Programming Interface (GSSAPI) is an IETF standard API that permits applications to access security services (such as Microsoft® Active Directory®). The Kerberos™ protocol is a type of GSSAPI.
- Hypertext Transfer Protocol
- Hypertext Transfer Protocol over Secure Sockets Layer
- HTTP Negotiate
- HTTP Negotiate is an authentication extension that provides single sign-on for web applications that support Integrated Windows® authentication. HTTP Negotiate was developed by Microsoft.
- Internet Engineering Task Force
- Internet Information Services
- A Key Distribution Center (KDC) is a server that performs the trusted arbitrator role for the Kerberos™ protocol. The KDC issues service tickets and maintains a list of tickets that it issued. Domain controllers are KDCs.
- Kerberos protocol
- The Kerberos™ protocol is a Microsoft® Active Directory® authentication protocol that permits a trusted third-party application to authenticate clients by exchanging encrypted service tickets with Microsoft Active Directory.
- Lightweight Directory Access Protocol
- S4U2proxy extension
- The S4U2proxy (Service-for-User-to-Proxy) extension completes the constrained delegation process. It permits a Kerberos™ enabled service to retrieve the service ticket of another Kerberos enabled service from the KDC on behalf of a client.
- service ticket
- A service ticket is a Kerberos™ key that a client of a Kerberos enabled service can use to open a trusted session with the Kerberos enabled service. The client of the Kerberos enabled service retrieves the service ticket for the Kerberos enabled service from the KDC.
- A service principal name (SPN) is an attribute of a user or group in Microsoft® Active Directory® that supports mutual authentication between a client of a Kerberos™ enabled service and the Kerberos enabled service. A Microsoft Active Directory account can have one or more SPNs.
- Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO) is a GSSAPI pseudomechanism that negotiates one or more real mechanisms. A client can use SPNEGO when it must authenticate with a remote service but neither the client nor the service knows the authentication protocols that the other supports.
- Secure Sockets Layer
- The Ticket Granting Service (TGS) is a KDC service that grants service tickets for Kerberos™ enabled services on your organization's network.
- The Ticket Granting Ticket (TGT) is a service ticket that a client of a Kerberos™ enabled service sends to the TGS to request the service ticket for the Kerberos enabled service.
- Transport Layer Security